allow blank passwords again (sf bug 619714)

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1325 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/CHANGES.txt b/CHANGES.txt
index 665dd3546033e54a99358f3da605b5aa4b4bf83b..5d2c2fb189b02a2076a9354dde89edd5b5c90c32 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -13,6 +13,7 @@ are given with the most recent entry first.
 - https URLs from config now recognised as valid (sf bug 619829)
 - nicer display of tracker list in roundup-server (sf bug 619769)
 - fixed some missed renaming instance -> tracker (sf bug 619769)
+- allow blank passwords again (sf bug 619714)
 
 
 2002-10-02 0.5.0

diff --git a/doc/customizing.txt b/doc/customizing.txt
index 4caa99ac5f814c80df46c799faea080a5f78bfb9..fec578b7097208bf98645f3f4722bdcd2805db49 100644 (file)
--- a/doc/customizing.txt
+++ b/doc/customizing.txt
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.52 $
+:Version: $Revision: 1.53 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -580,6 +580,10 @@ Example Scenarios
    <option tal:condition="python:request.user.hasPermission('Closer')"
            value="resolved">Resolved</option>
  
+**don't give users who register through email web access**
+ Create a new Role called "Email User" which has all the Permissions of the
+ normal "User" Role minus the "Web Access" Permission. This will allow users
+ to send in emails to the tracker, but not access the web interface.
 
 
 Web Interface

diff --git a/roundup/backends/back_anydbm.py b/roundup/backends/back_anydbm.py
index d99094fc016a3fe67fc3ab3d17ef7853228d1587..755dab3a44bd26699bf64f28acb82fbd1ca7e1d6 100644 (file)
--- a/roundup/backends/back_anydbm.py
+++ b/roundup/backends/back_anydbm.py
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-#$Id: back_anydbm.py,v 1.88 2002-10-07 00:52:51 richard Exp $
+#$Id: back_anydbm.py,v 1.89 2002-10-08 04:11:14 richard Exp $
 '''
 This module defines a backend that saves the hyperdatabase in a database
 chosen by anydbm. It is guaranteed to always be available in python
@@ -366,7 +366,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
             # get the property spec
             prop = properties[k]
 
-            if isinstance(prop, Password):
+            if isinstance(prop, Password) and v is not None:
                 d[k] = str(v)
             elif isinstance(prop, Date) and v is not None:
                 d[k] = v.serialise()
@@ -397,7 +397,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p

diff --git a/roundup/backends/back_sqlite.py b/roundup/backends/back_sqlite.py
index cbd6d6e6200197c619713ac377506fcffec867e8..53be129b1da31f9c80ff396e17cc5f1f5c21be68 100644 (file)
--- a/roundup/backends/back_sqlite.py
+++ b/roundup/backends/back_sqlite.py
@@ -1,4 +1,4 @@
-# $Id: back_sqlite.py,v 1.6 2002-09-27 01:04:38 richard Exp $
+# $Id: back_sqlite.py,v 1.7 2002-10-08 04:11:16 richard Exp $
 __doc__ = '''
 See https://pysqlite.sourceforge.net/ for pysqlite info
 '''
@@ -155,7 +155,7 @@ class Database(Database):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p

diff --git a/roundup/backends/rdbms_common.py b/roundup/backends/rdbms_common.py
index 8839273f11243e08bb9e2ca1b07f48414e151321..a60c79d6646f1296bdcaddff6d7292e5826e3847 100644 (file)
--- a/roundup/backends/rdbms_common.py
+++ b/roundup/backends/rdbms_common.py
@@ -1,4 +1,4 @@
-# $Id: rdbms_common.py,v 1.21 2002-10-07 00:52:51 richard Exp $
+# $Id: rdbms_common.py,v 1.22 2002-10-08 04:11:16 richard Exp $
 ''' Relational database (SQL) backend common code.
 
 Basics:
@@ -699,7 +699,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
             # get the property spec
             prop = properties[k]
 
-            if isinstance(prop, Password):
+            if isinstance(prop, Password) and v is not None:
                 d[k] = str(v)
             elif isinstance(prop, Date) and v is not None:
                 d[k] = v.serialise()
@@ -730,7 +730,7 @@ class Database(FileStorage, hyperdb.Database, roundupdb.Database):
                 d[k] = date.Date(v)
             elif isinstance(prop, Interval) and v is not None:
                 d[k] = date.Interval(v)
-            elif isinstance(prop, Password):
+            elif isinstance(prop, Password) and v is not None:
                 p = password.Password()
                 p.unpack(v)
                 d[k] = p

diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 46167ebfaf52118a0ac38c5fca75d84fd10765af..635cf72c037c832558ca46280108ab15fe3fe6fe 100644 (file)
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.50 2002-10-07 00:52:51 richard Exp $
+# $Id: client.py,v 1.51 2002-10-08 04:11:17 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -525,7 +525,8 @@ class Client:
         # make sure we're allowed to be here
         if not self.loginPermission():
             self.make_user_anonymous()
-            raise Unauthorised, _("You do not have permission to login")
+            self.error_message.append(_("You do not have permission to login"))
+            return
 
         # now we're OK, re-open the database for real, using the user
         self.opendb(self.user)
@@ -536,7 +537,12 @@ class Client:
     def verifyPassword(self, userid, password):
         ''' Verify the password that the user has supplied
         '''
-        return password == self.db.user.get(self.userid, 'password')
+        stored = self.db.user.get(self.userid, 'password')
+        if password == stored:
+            return 1
+        if not password and not stored:
+            return 1
+        return 0
 
     def loginPermission(self):
         ''' Determine whether the user has permission to log in.

diff --git a/roundup/roundupdb.py b/roundup/roundupdb.py
index eb62444c7ba2e62d564069b13714f11070c7eb49..65739b0bd9a38135c47c44b1a77e1a53dc9ef0fc 100644 (file)
--- a/roundup/roundupdb.py
+++ b/roundup/roundupdb.py
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: roundupdb.py,v 1.70 2002-10-08 03:27:24 richard Exp $
+# $Id: roundupdb.py,v 1.71 2002-10-08 04:11:13 richard Exp $
 
 __doc__ = """
 Extending hyperdb with types specific to issue-tracking.
@@ -291,7 +291,7 @@ class IssueClass:
         # then append a trailing slash if it is missing
         base = self.db.config.TRACKER_WEB 
         if (not isinstance(base , type('')) or
-            not base.startswith('http://'):
+            not base.startswith('http://') or
             not base.startswith('https://')):
             base = "Configuration Error: TRACKER_WEB isn't a " \
                 "fully-qualified URL"